Health IT harm now a target for investigation
When the cure causes harm
A decade or so ago, it was a common belief that if only everyone had electronic records, we could make healthcare cheaper and better. While that may be true in theory, health information technology (HIT) also includes risks — not just the kind that involve a lapse in HIPAA, but the kind that can cause physical harm to a patient. As healthcare becomes more advanced technologically, those risks multiply to include potential harm from devices that malfunction, improperly programmed machines, and operator error.
The federal government released a plan in July to come to grips with some of the risks. (The entire plan is available at http://www.healthit.gov/sites/default/files/safety_plan_master.pdf.) Among the stated goals of the HIT Patient Safety Action and Surveillance Plan are to make it easier for clinicians and hospitals to report risks and adverse events related to HIT. To facilitate this, the Agency for Healthcare Research and Quality (AHRQ) is updating its common formats to facilitate the reporting of information to patient safety organizations (PSOs). The Centers for Medicare & Medicaid Services (CMS) will also encourage the use of the common formats in hospital reporting programs and will develop training programs for its surveyors on the topic.
The plan requires that the federal Office of the National Coordinator for Health Information Technology (ONC) propose standards and certification criteria to make it easier to generate reports from data stored in electronic health records (EHRs), and that AHRQ and the ONC develop tools to help providers figure out what is an event or risk, how to describe it, and how to report it.
Stakeholders will work with patient safety organizations, providers, and IT developers on ways to improve reporting, as well as how to mitigate risk, and will move quickly to include post-market surveillance for safety issues for certified EHR technology. Another goal is to support research, development of best practices and tools to help reduce risk, and then to disseminate those practices and tools.
One of the key parts of the plan is to investigate the kinds of harm that are happening or are at risk of happening, and their frequency. The Joint Commission will be working with 10 organizations, including five ambulatory care organizations. Two have already been identified through previous reports of sentinel events related to HIT.
The others will come from good old-fashioned reaching out to hospitals and ambulatory facilities, says Ron Wyatt, MD, the medical director at The Joint Commission’s division of healthcare improvement. Some hospitals have actually called the organization to ask about participating, he adds, so it doesn’t look as if it will have a problem finding people willing to talk about the safety problems they’ve had related to HIT.
"It is a challenge for many to talk to us about events — whether they are related to IT or not. But there are many organizations and systems that are beginning to understand the value of reporting and learning from safety events, including sentinel events," he says.
A database query found "hundreds" of potential events that will provide a solid start to the endeavor, says Wyatt. "We will let them know this is not about accreditation, but about process improvement, quality and safety. We have been trying for some time to get them to see us not as a regulator, but as an organization that will collaborate with them on patient safety and quality improvement. And that is paying off. They know that this is not something that will lead to punitive action. We aren’t interested in where you aren’t in compliance with a standard, but where there was an event and how to build a more resilient system so that it doesn’t happen again. Then we want to share that learning with others."
That sharing is key: Organizations always want to know how others have dealt with the problems uncovered in the root-cause analyses of sentinel events.
As for the process, it won’t differ at all from the existing sentinel event investigation process. The information is confidential, data are de-identified, and conversations take place in a sound-proof room. There may be additional issues that arise in the initial phase that could require tweaking the process for tech-related events, Wyatt says.
The entire process will be completed within the next nine months, he says.
Jumping on the bandwagon now
While the national plan related to HIT safety is likely to result in more emphasis in the future on keeping track of HIT-related harm, there’s no need to wait to figure out where your risks lie, says Linda Kloss, president of Chicago-based Kloss Strategic Advisors. She says that many hospitals are putting in monitoring programs to determine whether, how, and how often patients are harmed by HIT.
While many have been flying blind in their efforts until now, this month the ONC will be issuing some tools that will help organizations understand the risks and potential fixes based on expert opinions and research.
"That will be a good place to start, because there is enough literature, and study, and expert opinion to know where many of the points of vulnerability are," she says. "When you know those, you can begin to get some focus on where to start."
One of the areas that members of the ONC advisory board on HIT safety issues noted as potentially risky is any time there is a software update of technology, Kloss notes. While organizations are very rigorous in their testing of any new technology before it goes into production, most are not as rigorous in how they test updates before beginning to use them.
Other areas of interest that may result in an on-line tool from the ONC include problems with user interface, Kloss says, such as when a clinician doesn’t have all the information he or she needs, and doesn’t know how to get to the screen that contains it. Workflow issues, interfaces between systems, and even things as simple as the problem of duplicate records are all hazards that could potentially cause harm to a patient if not addressed.
Solutions in the works
"We need to know the places where we have to be extra careful and extremely aware," says Dean Sittig, PhD, who has been working to come up with ways to define HIT events, and then to create systems that will make those events less common. He sits with Kloss on the ONC expert panel and was the lead investigator for the SAFER initiative1on EHR resilience that is the basis for the tools being released later this month on the ONC website.
The SAFER project came up with nine areas of concern:
- computerized provider order entry and e-prescribing;
- clinical decision support;
- test result reporting;
- communication between providers;
- patient identification;
- EHR downtime events;
- EHR customization and configuration;
- system-system interface data transfer;
- health IT safety-related human skills.
The best place to start is to look at your adverse events and figure out if there was a technological element to it, he says. It might not be obvious. Take patient registration: If you have two people with the same name, you might end up giving one the wrong medication. But what if you have two patients with the same name and the same address, but different middle initials? Likely, one of those was a typo. But if you don’t have the complete record of a patient’s experience — if some of it is in the John L. Smith file and some is in the John Q. Smith file — the physician may not have all the information he or she needs on tests done in the past, drugs that didn’t work, or comorbidities. All of those issues could change the way a physician treats the patient.
Indeed, Sittig says the first, easiest thing a hospital can do to reduce potential harm is to look at how many people have the same first and last name and same date of birth in your system. In some databases, as many as 20% of patients have duplicate records.
The importance of doing this now is critical: We can’t use technology to monitor and improve safety until we know that technology is, itself, safe, Sittig says. "That’s where we want to get, but most people don’t trust computers enough to let them be in charge of safety."
"Don’t look at this as some externally imposed project," Kloss says. "It is something to do, but the consequences of not addressing the issues are potentially as extraordinarily adverse for patients as the potential benefits that same technology can provide. Besides," she notes, "it’s not going to get any simpler."
1. Singh H, Ash JS, Sittig DF. Safety Assurance Factors for Electronic Health Record Resilience (SAFER): study protocol. BMC Medical Informatics and Decision Making 2013, 13:46.
For more information on this topic, contact:
- Linda Kloss, President, Kloss Strategic Advisors, Chicago, IL. Telephone: (312) 624-9750.
- Dean F. Sittig, Ph.D., Professor, University of Texas School of Biomedical Informatics at Houston, UT - Memorial Hermann Center for Healthcare Quality & Safety, Houston, TX. Telephone: (713) 500-7977.
- Ron Wyatt, M.D., medical director, Division of Healthcare Improvement, The Joint Commission. Oakbrook Terrace, IL. Telephone: (630) 792-5800.